Flashback Ends Mac's No-Virus Reputation, Experts Say

Over half a million Macs were hit by the Flashback botnet this week, with no user action required. Is this the end of the Mac's no-virus reputation, or just the latest in a growing collection of Mac threats?

Kaspersky: Reputation Already Lost

Roel Schouwenberg, Senior Researcher for Kaspersky Lab, observed that "the MacDefender and DNSChanger epidemics from last year were the turning point." He goes on to note that "it became clear to the cyber-crime world that there's money to be made with OSX malware, and we’ve seen an increase in OSX malware since then."

Schouwenberg stated, "Percentage-wise, Flashback is roughly the equivalent of Conficker," referring to the multi-vector Conficker Worm that created such a stir in 2008-2009. Most industry metrics for prevalence of PC viruses rely in part on telemetry from security software, and "because so few OSX users are running security software, so the metrics the industry has are limited." Schouwenberg concluded, "I hope we can now finally lay the 'Mac has no malware' myth to rest."

Schouwenberg also chastised Apple for its slow response to the problem. "Apple… needs to get better about releasing patches for third party code in a more timely manner. A seven week delay is just not acceptable."

Kaspersky has released a collection of tips for boosting Mac security, including a recommendation that every Mac user should install antivirus protection.

The End of Digital Monoculture

International Virus Expert Dave Perry stated unequivocally, "there is no computing device that does not need protection." Admitting that in the past the PC platform has taken the brunt of malware attacks, he noted that "the era of the digital mono-culture is coming to a close... We now live in a computing environment of many Operating platforms."

"The mono-culture era brought us the mass attack, for good or ill," said Perry. "Replicating, widespread malware like viruses and worms guaranteed that samples of every attack got into the hands of malware researchers, got catalogued, and analyzed and tagged." The modern, multi-OS world encourages targeted attacks, and "it has to be assumed that most attacks will never become visible to the research community."

Perry concluded with a warning. "Things have been heading this direction for some time," said Perry. "For your Macintosh, get some protection, at least a virus scanner and firewall... This doesn't get solved any time soon."

Bitdefender: Install Security!

Catalin Cosoi, Chief Security Researcher for Bitdefender, didn't beat around the bush. "It’s obvious that every computer user, no matter if he uses Mac or Windows or Linux should have a security solution installed," said Cosoi. He warned Mac users against a false sense of security, saying "Mac users thought that they can practically do whatever they want on the internet, with no risks involved."

Cosoi ran the numbers on Flashback and concluded it wasn't huge percentage-wise. "600,000 represents around 12% of the Mac OS computers sold in Q4 2011, which means that if we count the number of Mac OS devices sold in the past three years, we can estimate that less than 1% of the Mac OS computers are possibly infected."

Cosoi noted that the main target of the Flashback attack involved harvesting log-in credentials and "as much as confidential information as possible, even though it might not be related directly to money." He affirmed that "these collected details will be most definitely used for future complex targeted attacks."

"Unfortunately, the bad news is that even though this was probably the largest infection so far, it’s probably not enough to convince Mac users that the threat is real and it's here to stay," concluded Cosoi.

Webroot: Beware Cross-OS Infection

To Joe Jaroch, VP Endpoint Solutions Engineering for Webroot, "it is tantamount to security suicide to run without a fully featured security product on a Mac operating system, especially within a corporation." Because Mac users assume that their hardware is impervious to any threat, "Mac threats have been a silent killer for the last several years." Jaroch stated, "Flashback is definitely a turning point in the threat landscape for Macs but we expect it will be the first of many similar occurrences, and probably a door into a more sinister style of threat."

Cyber-criminals write malware to make money, and hence must "prioritize based on the economy of their potential to infect the widest number of users," said Jaroch. "Therefore, they've always targeted the widest reaching operating system: Microsoft Windows." With rising popularity for the Mac comes a rising threat level, but Jaroch sees worse ahead. "We anticipate the next big threat for Macs will be a dual-warhead threat, targeting both Windows and OSX at the same time by launching an attack using multiple exploits simultaneously. Combined with a phishing attack, a cross-OS infection would become a 'triple edged sword', targeting mobile clients as well as the two major desktop operating systems, instantly increasing the reach of one piece of malicious code to billions of devices."

Jaroch concluded, "Malware isn't going away - as long as users can delete files and surf websites, they will be susceptible to threats... The best dog in the fight against these types of threats is a security solution which works cross-platform and manages all devices centrally."

Antivirus Testers Weigh In

Independent antivirus testing labs definitely focus on evaluating PC protection, but they keep a watchful eye on the Mac market as well. Andreas Marx, CEO of AV-Test.org, noted that Flashback isn't a turning point but rather "a reminder that Apple computers are not a virus-free zone." He pointed out that "Mac malware has been there since the very beginning of the Apple era, just the number of malware samples is much lower when compared with Windows. With the increasing popularity of Macs for users, they are getting more relevant and attractive for malware writers as well."

Marx stated, "I think that the Apple users saw their 'ILOVEYOU' infection now, just like what hit the Windows users around 12 years ago. 'ILOVEYOU' was a wake-up call for many users to not click on every attachment and to use AV software." He concluded, "I'm pretty sure we'll see more of such 'outbreak' events (like we saw on Windows in past) in future until Mac users get better prepared."

Peter Stelzhammer, Vice-Chairman of AV-Comparatives.org, agreed that Mac users have long held a false sense of security, "but they have been misled." Stelzhammer noted that social engineering attacks know no operating system boundaries. "Phishing doesn't care if it is going to attack a PC, a Mac, an iPad, an Android Device, a Symbian phone, a Home Entertainment System. It just attacks everything with a browser." He went on to observe, "There is malware for Mac out there. Of course, a lot less than for Windows, but just one piece of malware can harm you."

Install Protection Now

The experts agree—Mac users can no longer get away with ignoring antivirus protection. Mac-only households need Mac-specific protection (free or paid). Households with a mix of PCs, Macs, and mobile devices can get cross-platform protection from products like Norton One and McAfee All Access. Just put something between your Mac and its attackers.

About the Author

Neil Rubenking served as vice president and president of the San Francisco PC User Group for three years when the IBM PC was brand new. He was present at the formation of the Association of Shareware Professionals, and served on its board of directors. In 1986, PC Magazine brought Neil on board to handle the torrent of Turbo Pascal tips submitted b...
